I've encountered strange problem with DNS-over-HTTPS server and don't know how to approach it's troubleshooting.
I'm using ROS 7.11beta4 with pretty straightforward DoH config (same config works perfectly well with cloudflare):
Code: Select all
use-doh-server: https://doh.zln.wtf/dns-query
verify-doh-cert: yes
doh-max-server-connections: 5
doh-max-concurrent-queries: 50
doh-timeout: 5sCode: Select all
# 2023-07-06 20:49:17 by RouterOS 7.11beta4
# software id = GF7A-YUUZ
#
# model = RB4011iGS+5HacQ2HnD
# serial number = D43B0C952443
/ip dns
set allow-remote-requests=yes servers=172.18.0.1 use-doh-server=https://doh.zln.wtf/dns-query verify-doh-cert=yes
DoH server is OK also - works perfectly fine in Firefox browser. But I see recurring messages in router's log (and no name resolves obviously):
07-02 00:38:59 dns,error DoH server connection error: ERROR parsing http: error in line
07-02 00:39:10 dns,error DoH server connection error: ERROR parsing http: error in line
...
My guess is there's some problem parsing HTTP headers, but error message is lacking details. DoH-server doh.zln.wtf is public and can be used to reproduce problem.
Here's logs from DoH-server side (request-response look correct):
2023/07/01 20:05:41 [warn] 486396#486396: *3880 js: process_doh_request: DNS Req: 1538010000010000000000000775706772616465086d696b726f74696b03636f6d0000010001
2023/07/01 20:05:41 [warn] 486396#486396: *3880 js: process_doh_request: DNS Req ID: 5432
2023/07/01 20:05:41 [warn] 486396#486396: *3880 js: process_doh_request: DNS Req Name: upgrade.mikrotik.com
2023/07/01 20:05:41 [warn] 486396#486396: *3880 js: DNS Res: 1538818000010003000000000775706772616465086d696b726f74696b03636f6d0000010001c00c0005000100000abe000b08646f776e6c6f6164c014c0320001000100000abe00049f9493ccc0320001000100000abe00049f94ace2
2023/07/01 20:05:41 [warn] 486396#486396: *3880 js: DNS Res Answers: [["0",{"name":"upgrade.mikrotik.com","type":5,"class":1,"ttl":2750,"rdlength":11,"data":"download.mikrotik.com"}],["1",{"name":"download.mikrotik.com","type":1,"class":1,"ttl":2750,"rdlength":4,"data":"159.148.147.204"}],["2",{"name":"download.mikrotik.com","type":1,"class":1,"ttl":2750,"rdlength":4,"data":"159.148.172.226"}]]
2023/07/01 20:05:41 [warn] 486396#486396: *3880 js: DNS Res Packet: [["qd",1],["authority",[]],["ar",0],["id",5432],["ns",0],["offset",81],["flags",129],["an",3],["answers",[{"name":"upgrade.mikrotik.com","type":5,"class":1,"ttl":2750,"rdlength":11,"data":"download.mikrotik.com"},{"name":"download.mikrotik.com","type":1,"class":1,"ttl":2750,"rdlength":4,"data":"159.148.147.204"},{"name":"download.mikrotik.com","type":1,"class":1,"ttl":2750,"rdlength":4,"data":"159.148.172.226"}]],["codes",128],["question",{"name":"upgrade.mikrotik.com","type":1,"class":1,"qend":38}],["min_ttl",2750],["additional",[]]]
Please advise how can I troubleshoot this issue further.
EDIT: Pls find backend packet capture here
Thanks in advance, regards,
Konstantin